Synology DiskStation Manager Cross-Site Request Forgery (CVE-2024-45538)

Cross-Site Request Forgery CSRF vulnerability in WebAPI Framework in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors. This plugin only works wit...

SRC-2018-0006 : Synology Photo Station SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Synology Photo Station. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

SRC-2018-0005 : Synology Photo Station LogList Stored Cross Site Scripting Authentication Bypass Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Synology Photo Station. User interaction is not required to exploit this vulnerability. The specific flaw exists when parsing html characters in the LogList function. The issu...